Channels
#fleet
Title
# fleet
s
Swakhil
12/16/2022, 5:47 AMHello Folks,
I am new to fleet and just configured it on a public DNS. Added a Linux and windows host. Linux worked fine but got some issues for windows host.
The first error is
detail_query_network_interface expected single result, got 0 Copy code
{"component":"service","err":"detail_query_network_interface expected single result, got 0","method":"IngestFunc","ts":"2022-12-15T11:58:41.396213187Z"}
{"hostID":1,"level":"error","message":"distributed query is denylisted","query":"fleet_detail_query_software_windows","ts":"2022-12-15T11:58:41.396500965Z"}
{"err":"failed","level":"error","op":"directIngestSoftware","ts":"2022-12-15T11:58:41.396717347Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in HP Development Company, L.P. - SoftwareComponent - 8.10.28.1","ts":"2022-12-15T11:58:41.400430479Z"}KB id not foundl
Lucas Rodriguez
12/16/2022, 4:29 PMHi @Swakhil!
Couple of questions:
1. re `detail_query_network_interface`: Maybe you can run the following live query on the host to check why Fleet is getting 0 results:
Copy code
select
ia.address,
id.mac
from
interface_addresses ia
join interface_details id on id.interface = ia.interface
join routes r on r.interface = ia.address;fleet_detail_query_software_windowsdirectIngestWindowsUpdateHistorys
Swakhil
12/19/2022, 12:33 PMHi @Lucas Rodriguez,
Tried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine. The software data and network details are visible on the individual host page.
r
Raghavendra Hiremath
12/20/2022, 9:40 AMAny idea on updating websockets on nginx server for fleet to communicate?
s
Swakhil
12/20/2022, 10:00 AMr
Raghavendra Hiremath
12/20/2022, 10:07 AMThank you @Swakhil, from below code snippet
Copy code
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass <http://ws-backend>;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
} Copy code
example: proxy_pass <http://FLEET_FQDN>;s
Swakhil
12/20/2022, 10:19 AMIt should be the upstream server that the request should be forwarded to. Not sure of how you have configured the fleet.
r
Raghavendra Hiremath
12/20/2022, 10:21 AMOsquery_host ------> nginx proxy (http ---> https) --------> fleet docker listening on 8080, 3 hosts
s
Swakhil
12/20/2022, 10:27 AMI have configured it through fleet binary, not sure of deploying through docker compose. I can see that you are trying to run fleet on 8080 but nginx is listening on port 443. You can try configuring it on 443 with key & cert path and proxy_pass with fleet fqdn.
r
Raghavendra Hiremath
12/20/2022, 10:35 AMSure, yeah I will try it in sometime, should I try configuring 443 on fleet binary/docker itself?
s
Swakhil
12/20/2022, 10:38 AMIt is upto you, if you want to run on https, I found binary would be simple. just directly passing the parameters to fleet binary like below
Copy code
./fleet serve \
--mysql_address=127.0.0.1:3306 \
--mysql_database=fleet \
--mysql_username=root \
--mysql_password=test@001 \
--redis_address=127.0.0.1:6379 \
--server_address=0.0.0.0:443 \
--server_cert=/etc/ssl/cert-key/server.cert \
--server_key=/etc/ssl/cert-key/server.key \
--osquery_result_log_plugin=stdout \
--osquery_status_log_plugin=stdout \
--logging_jsonr
Raghavendra Hiremath
12/20/2022, 10:40 AMOkay, you have directly exposed it to run on 443, good. that should not overwrite or cause trouble removing default 8080 right?
s
Swakhil
12/20/2022, 10:42 AMyes
r
Raghavendra Hiremath
12/20/2022, 10:45 AMThank you, I will try it and update you on this in 2 hours
It is working, updated websocket details in nginx configuration
l
Lucas Rodriguez
12/20/2022, 8:25 PMTried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine.@Swakhil So the issue was resolved by updating?